We'll keep this short, simple, and in plain English. Not because "GDPR", but because your privacy is genuinely important to us and we want you to know exactly what we collect, when, why, and how.
We use Google Analytics on a number of our websites for analytical purposes. In a nutshell, Google collects non-identifying and aggregate information when our page loads in your browser, so that we can see some really useful information that helps us to determine the success of our products and services or of our marketing campaigns. For example, we might look at how many times a website or individual page is looked at in a 7 day period, or how many visitors arrive at our website but choose not to navigate to other pages. We cannot, and would never want to, see anything personally identifiable in these reports.
For Google to do this, they create "cookies" to track certain details. A cookie is simply a text file that your web browser saves for a website, so that on subsequent visits to that same website or to other pages within the same domain, the website can read the data it previously stored during the earlier request. For example the first time you visit a page on our website, a cookie might be placed with the time of that visit, and the second page request might read from this cookie to determine how much time has passed between those two requests, so that we can see how long our visitors usually spend on a particular page.
Most websites use Google Analytics. Reports like this are crucial to us for understanding how a website is performing and how we can make improvements, but if you really want to you can install the Google Analytics opt-out browser add-on which will disable the Google Analytics code from running in your browser, for any website that you visit.
Our websites or products might include contact forms, registration forms, newsletter sign-up forms, checkout page forms, or other types of forms that request specific information which you fill out. Such information is only ever used for the stated purpose and is not passed on to third parties unless such forms state otherwise. For example if you fill out a contact form, we'll receive the information you provide and will use it to appropriately respond to your request, but we wouldn't then pass that information on to our partners unless doing so was necessary to the fulfilment of your request, and we wouldn't add you to our marketing lists unless you'd requested that we do.
Sometimes, the information that you provide needs to be stored for future reference. For example if you fill out a registration form, create an order on an ecommerce website, or set up a profile on a social networking website.
In such cases, the information you provide is stored in a database on our servers. The databases that we set up are accessible only to QWeb Ltd employees, and we have a number of security mechanisms in place to prevent unauthorised or remote access to any of our servers.
None of our databases contain credit card or banking details. If you make payment through one of our websites or products, that payment request is processed directly by a certified payment gateway such as Sagepay, Worldpay, or Paypal and the card details you enter are not tracked by our systems at all.
Account passwords which never need to be read again are always stored encrypted, using one-way encryption algorithms that cannot easily be reversed. When you submit a login attempt, the password you type is encrypted in the same way as the password that you originally entered and the result is compared against what's stored, so your actual password is never deciphered.
We've built our own encryption library to obfuscate data in a way that means it can be even more securely stored as unreadable text, but later deciphered again by only the application that stored it. This means that although our databases are already secured by adequate anti-attack mechanisms and only accessible to trusted QWeb Ltd employees, we're able to obfuscate their content in a way that makes it much more difficult for an attacker to use the information they contain, even if access is breached.
For security and functional necessety, some actions are logged for a short period of time. For example if you visit a website that we host, your IP address, the url of the page you requested, the time of the request, and a status code are logged. Such logs do not contain anything personally identifiable other than your IP address, and are automatically removed after a few days. We use logs to determine the cause of connectivity issues or to identify and block abusive IP addresses and as such, they're crucial to maintaining the security of our systems.
We never collect or maintain information from those we actually know are under the age of thirteen.
If you've submitted information through any of our website forms, or provided it to us directly, and you're worried about how or where this information is stored, you can contact us to request removal and we'll work with you to comply as promptly as possible.
For more information about the services we have to offer and how we can help with your project, or if you have any queries about our policies or your data, contact us on 0113 831 3627 or email@example.com.
QWeb Ltd, 99 Mabgate, Leeds LS9 7DR
Company No. 08420620